HarmonyOS
OpenHarmony gets permission to publish software threat details
OpenAtom Foundation has officially announced that it has obtained permission for CVE (Common Vulnerabilities and Exposures) disclosure. Finally, OpenHarmony will get the chance to publish its software details and exploits of the system.
According to the latest information, the OpenAtom Foundation has recently participated in the CNA (Common Vulnerability Disclosure Numbering Authority) program. Consequently, the organization gave the honor to the foundation to become the numbering authority.
OpenHarmony is an open-source project managed and operated by the OpenAtom Foundation. The main aim of this project is to build an open-source, distributed operating system framework for smart devices. So far, the respective project has several rights to go with. However, it remains stagnant from the discovery and publishing of the vulnerabilities and exposures of its systems.
As of now, the firm has qualified for the CVE general vulnerability disclosure issuing. This means that now the OpenHarmony system has full right to define its software details and identify the exploits and security threats if any.
How does the CVE Disclosure work?
Generally, the CVE authority, established in September 1999 is a global non-profit institution. The institute has various IT vendors, security firms, and security research centers around the globe. Together, these cooperations contribute to the issuance and managing of the software details of a particular system.
Apart from these cooperations, some specific stakeholders help to find the vulnerability in the system. These individuals identify the threats of the software through a unique CVE code. This code helps the operators trace the issues and find a definitive solution for them. Thereafter, the company releases the patches based on these threats.
Since OpenHarmony has become the CVE numbering authority, the firm is free to manage and handle the CVE numbers related to the OpenHarmony community. On the other hand, it is now responsible for assigning and describing the errors in the authorization.
You can understand in a better way about the OpenHarmony Vulnerability policy, HERE.
(Source)
